brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. Ingestion points: The skill reads project files .ai_state/conventions.md and .knowledge/pitfalls.md (SKILL.md). Boundary markers: Absent; no delimiters are used to separate external data from agent instructions. Capability inventory: The skill can write to the file system (.ai_state/design.md) and call various MCP tools (SKILL.md). Sanitization: Absent; content from the project files is processed without validation or escaping.\n- [COMMAND_EXECUTION]: Usage of Model Context Protocol (MCP) Tools. The skill relies on external tools including augment-context-engine, mcp-deepwiki, and cunzhi to search project files and verify technical feasibility (SKILL.md). These tools are part of the intended workflow but involve the execution of external logic.
Audit Metadata